CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 3 days ago•5 views

CVE-2026-42588 Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Remote Code Execution via Jolokia addNetworkConnector

6.4AI score0.00056EPSS

ATTACKERKB•added 3 days ago•6 views

CVE-2026-42588

6.4AI score0.00056EPSS

Exploits0References2Affected Software3

Vulnrichment•added 3 days ago•6 views

CVE-2026-45505 Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Jolokia `addNetworkConnector` Discovery Wrapper Bypass

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. Non-parenthesized discovery wrappers such as masterslave:vm://...,... and static:vm://... incorrectly pass validation allowing bypass o...

6.4AI score0.001EPSS

Exploits0References2

Nuclei•added 3 days ago•49 views

Spring Data Commons - Remote Code Execution

Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user or attacker can supply specially crafted request parameters...

9.8CVSS7.9AI score0.94284EPSS

Exploits9References5

Nuclei•added 3 days ago•45 views

Spring MVC Framework - Local File Inclusion

Spring MVC Framework versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported are vulnerable to local file inclusion because they allow applications to configure Spring MVC to serve static resources e.g. CSS, JS, images. A malicious user can send a request using a...

5.9CVSS7.1AI score0.90996EPSS

Exploits1References5

Nuclei•added 3 days ago•80 views

Spring - Remote Code Execution

Spring MVC and Spring WebFlux applications running on Java Development Kit 9+ are susceptible to remote code execution via data binding. It requires the application to run on Tomcat as a WAR deployment. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full...

9.8CVSS7.7AI score0.94428EPSS

Exploits99References6

Nuclei•added 3 days ago•25 views

Spring Cloud Config Server - Local File Inclusion

Spring Cloud Config Server versions 2.1.x prior to 2.1.2, 2.0.x prior to 2.0.4, 1.4.x prior to 1.4.6, and older unsupported versions are vulnerable to local file inclusion because they allow applications to serve arbitrary configuration files. An attacker can send a request using a specially...

6.5CVSS6.7AI score0.91358EPSS

Exploits6References5

CNNVD•added 3 days ago•2 views

VMware Spring Cloud Function security vulnerabilities

VMware Spring Cloud Function is a Java functional application development framework provided by the American company VMware. There is a security vulnerability in VMware Spring Cloud Function, which stems from infinite recursion at the routing layer, potentially leading to a memory insufficiency...

Positive Technologies•added 3 days ago•7 views

PT-2026-45373

8.1CVSS6.4AI score0.00056EPSS

Positive Technologies•added 3 days ago•7 views

PT-2026-45515

OOM error is possible while attempting to add infinite amount of functions to Function Registry. Affected Spring Products and Versions: Spring Cloud Function 3.2.x: versions prior to 3.2.16 Spring Cloud Function 4.1.x: versions prior to 4.1.10 Spring Cloud Function 4.2.x: versions prior to 4.2.6...

CNNVD•added 3 days ago•2 views

Exploits0References2

VMware Spring Cloud Function security vulnerabilities

VMware Spring Cloud Function is a Java functional application development framework provided by the American company VMware. There is a security vulnerability in VMware Spring Cloud Function, which stems from attempting to add an unlimited number of functions to the function registry, potentially...

Positive Technologies•added 3 days ago•4 views

PT-2026-45514

Under infinite recursion in the routing layer, request-handling can cause OOM error. Affected Spring Products and Versions: Spring Cloud Function 3.2.x: versions prior to 3.2.16 Spring Cloud Function 4.1.x: versions prior to 4.1.10 Spring Cloud Function 4.2.x: versions prior to 4.2.6 Spring Cloud...

Positive Technologies•added 3 days ago•8 views

Exploits0References2

PT-2026-45376

8.8CVSS6.4AI score0.001EPSS

Exploits0References4

NVD•added 5 days ago•6 views

CVE-2026-10152

A vulnerability was detected in TaleLin lin-cms-spring-boot up to 0.2.1. This issue affects some unknown processing of the file src/main/java/io/github/talelin/latticy/controller/v1/BookController.java of the component book Endpoint. The manipulation results in improper access controls. The attac...

6.5CVSS0.00036EPSS

CVE•added 5 days ago•9 views

CVE-2026-10152

TaleLin lin-cms-spring-boot up to 0.2.1 contains an access-control issue in the BookEndpoint path BookController.java. The underlying cause is stated as improper access controls due to some unknown file processing, with a remote attack possibility and public exploit availability. No specific vuln...

6.5CVSS6.3AI score0.00036EPSS

ATTACKERKB•added 5 days ago•6 views

CVE-2026-10152

6.5CVSS6.3AI score0.00036EPSS

Exploits0References5Affected Software1

Vulnrichment•added 5 days ago•2 views

CVE-2026-10152 TaleLin lin-cms-spring-boot book Endpoint BookController.java access control

6.5CVSS6.3AI score0.00036EPSS

RedhatCVE•added 6 days ago•8 views

CVE-2026-9370

A weakness has been identified in ulisesbocchio jasypt-spring-boot up to 3.0.5/4.0.4. Affected by this vulnerability is the function getSecretKeySaltGenerator of the file jasypt-spring-boot/src/main/java/com/ulisesbocchio/jasyptspringboot/encryptor/SimpleGCMConfig.java of the component Password...

6.3CVSS5.1AI score0.00019EPSS